Novell Home

CVE-2013-1705

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-1705 at MITRE

Description

Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.

NVD CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 833389, 840485

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SLE 11 SP3 DEBUGINFO
  • MozillaFirefox-debuginfo >= 17.0.9esr-0.7.1
  • MozillaFirefox-debugsource >= 17.0.9esr-0.7.1
Builds
SAT Patch Nr: 8344
SUSE Linux Enterprise Software Development Kit 11 SP3
  • MozillaFirefox-devel >= 17.0.9esr-0.7.1
Builds
SAT Patch Nr: 8344
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • MozillaFirefox >= 17.0.9esr-0.7.1
  • MozillaFirefox-translations >= 17.0.9esr-0.7.1
Builds
SAT Patch Nr: 8344

© 2014 Novell